Feat : Fuzzing #146
I was trying to enable fuzzing of https://github.com/sigstore/rekor ran into the tight coupling of the code and realized the ideal place to start is
nice! thanks could this be leveraged as a github action as well?
+1 to the concept - @cpanato do you think it makes to implement the same
Yes, my thought process is crawl-walk-run. I wanted to get the initial set up done run ClusterFuzz lite as part of GitHub action for every PR and also probably as a cron job
I agree that would be good. But can that be a refactor after this one is merged?
@@ -0,0 +1,2 @@ | |||
-----BEGIN ----- |
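Review bot: the first added line, `-----BEGIN -----`, is a PEM boundary with an empty type label, and the visible part of this new two-line file gives no sign that it is a fuzzing seed rather than a broken fixture. If the malformed header is intentional, say so where a later reader will find it, for example in a short README in the corpus directory that records where the seeds came from and that they are meant to be invalid, so nobody "repairs" or deletes them.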
Put the initial corpus into the workdir/corpus directory (in our case examples/png/corpus). Go-fuzz will add own inputs to the corpus directory. Consider committing the generated inputs to your source control system, this will allow you to restart go-fuzz without losing previous work.
Source https://github.com/dvyukov/go-fuzz
https://github.com/dvyukov/go-fuzz-corpus/tree/master/pem/corpus
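An added example, not code from this PR or from sigstore: a go-fuzz style harness of the kind that would consume PEM seeds like the ones linked above, written against the standard library's `encoding/pem` only. The round-trip invariant and the seed strings in `main` are assumptions constructed for illustration, and the file uses `package main` so it runs on its own.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
)

// Fuzz uses the go-fuzz entry-point convention: return 1 to raise the input's
// priority in the corpus, 0 for an ordinary input, -1 to keep it out.
// The invariant checked here is an assumption made for this example.
func Fuzz(data []byte) int {
	block, rest := pem.Decode(data)
	if block == nil {
		// Not a complete PEM block, e.g. a lone "-----BEGIN -----" line.
		// Reaching this point without a panic is the whole check.
		return 0
	}
	if len(rest) > len(data) {
		panic("pem.Decode returned more trailing bytes than the input held")
	}
	encoded := pem.EncodeToMemory(block)
	if encoded == nil {
		return 0 // block cannot be re-encoded; nothing to compare
	}
	again, _ := pem.Decode(encoded)
	if again == nil || again.Type != block.Type || !bytes.Equal(again.Bytes, block.Bytes) {
		panic(fmt.Sprintf("PEM round-trip mismatch for block type %q", block.Type))
	}
	return 1
}

func main() {
	// Constructed seed inputs, in the spirit of files under workdir/corpus.
	seeds := []string{
		"-----BEGIN -----\n",
		"-----BEGIN TEST-----\naGVsbG8=\n-----END TEST-----\n",
		"no PEM markers here",
	}
	for _, s := range seeds {
		fmt.Printf("%q -> %d\n", s, Fuzz([]byte(s)))
	}
}
```

Inputs that return 1 are the ones worth committing back to the corpus directory, which is what lets a later run resume from previous coverage.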
Enabling fuzzing for sigstore.

The first steps into fuzzing Sigstore.
The goal is to integrate this into oss-fuzz using libfuzzer
https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/ and
https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
@lukehinds @dlorenc Friendly ping.
one nit otherwise LGTM
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Thanks! Merged the suggestion.
will do and propose a PR, sorry for the delay to reply, missed this notification
* Add support for COSIGN_REPOSITORY env var

  This env var will allow users to specify which repo they want cosign signatures stored in.

  Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Add notes about COSIGN_REPOSITORY to README

  Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>